CNBC learns password security the hard way

It’s a good lesson for those learning the ropes on how to store and send passwords in the web context.

CNBC just learnt a lesson the hard way regarding computer security.

The news giant posted, and was quick to take down, an article on password security titled “how strong is your password?” It had had a text entry box, which if anything, was a classic example of how not to manage your all- important login credentials.

Adrienne Porter from Google, twitted that the text entry box, in which you placed the password for testing its strength, not only sent the password in clear text, which essentially guarantees anyone sniffing around to intercept your password and use it against you real account, but also that the site actually sends the password to a Google Docs spreadsheet. If that wasn’t enough it sent the password to multiple third parties.

What is not clear is what did CNBC mean when it said “no passwords are being stored,”?

If only the tool had kept the inputs of the text field airtight, its purpose would have been sufficiently served. The purpose would not have been fully served because the tool lulls you into a false sense of security and clearly underestimates how long it would take to crack passwords.

In all fairness, CNBC is now fully aware of what happened and is most probably improving the inner workings of its tool.

The real lesson to be learnt is the old adage – practice what you preach.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s